From 4a55467e1e3fa927050cc3240c538ebf1eaf54e4 Mon Sep 17 00:00:00 2001
From: Josef Rokos
Date: Mon, 23 Jun 2014 15:39:49 +0200
Subject: [PATCH] =?UTF-8?q?P=C5=99=C3=ADpraveny=20pr=C3=A1va=20pro=20agend?= =?UTF-8?q?u=20"Po=C5=BEadavky".=20Upraven=20PermissionEvaluator-=20kontro?= =?UTF-8?q?la=20pr=C3=A1v=20na=20agend=C3=A1ch=20p=C5=99em=C3=ADst=C4=9Bna?= =?UTF-8?q?=20do=20priv=C3=A1tn=C3=AD=20metody.=20Opravena=20notifikace=20?= =?UTF-8?q?zm=C4=9Bny=20property=20ableToDelete.=20refs=20#100?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../info/bukova/isspst/AppInitListener.java | 6 +++
 .../java/info/bukova/isspst/Constants.java | 23 ++++++++-
 .../security/IsspstPermissionEvaluator.java | 49 +++++++++++--------
 .../info/bukova/isspst/ui/ListViewModel.java | 2 +-
 .../isspst/ui/dashboard/DashBoardVM.java | 8 +++
 .../bukova/isspst/ui/users/UsersList.java | 6 +--
 .../isspst/ui/workgroups/WorkgroupList.java | 4 +-
 .../webapp/admin/permissions/permForm.zul | 6 +--
 8 files changed, 74 insertions(+), 30 deletions(-)
diff --git a/src/main/java/info/bukova/isspst/AppInitListener.java b/src/main/java/info/bukova/isspst/AppInitListener.java
index 3ced19cd..2daddb32 100644
--- a/src/main/java/info/bukova/isspst/AppInitListener.java
+++ b/src/main/java/info/bukova/isspst/AppInitListener.java
@@ -102,6 +102,12 @@ public class AppInitListener implements ServletContextListener {
 }
 }
 }
+
+ for (Permission p : Constants.SPECIAL_PERMISSIONS) {
+ if (permService.getPermissionByModule(p.getModule(), p.getAuthority()) == null) {
+ permService.add(p);
+ }
+ }
 }
 private void checkAllAdminRights()
diff --git a/src/main/java/info/bukova/isspst/Constants.java b/src/main/java/info/bukova/isspst/Constants.java
index 065f05bf..f26b4369 100644
--- a/src/main/java/info/bukova/isspst/Constants.java
+++ b/src/main/java/info/bukova/isspst/Constants.java
@@ -1,6 +1,7 @@
 package info.bukova.isspst;
 import info.bukova.isspst.data.Permission;
+import info.bukova.isspst.data.PermissionType;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.reporting.Report;
 import info.bukova.isspst.reporting.ReportMapping;
@@ -55,6 +56,7 @@ public class Constants {
 public final static String MOD_MUNITS = "MUNITS";
 public final static String MOD_MATERIAL = "MATERIAL";
 public final static String MOD_WORKGROUPS = "WORKGROUPS";
+ public final static String MOD_REQUIREMENTS = "REQUIREMENTS";
 public final static Module MODULES[] = {
 new Module(MOD_USERS, "Uživatelé", UserService.class),
 new Module(MOD_PERMISSIONS, "Práva", RoleService.class),
@@ -62,9 +64,28 @@ public class Constants { new Module(MOD_BUILDINGS, "Budovy", BuildingService.class), new Module(MOD_MUNITS, "Měrné jednotky", MUnitService.class), new Module(MOD_MATERIAL, "Materiál", MaterialService.class), - new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class) + new Module(MOD_WORKGROUPS, "Pracovní skupiny", WorkgroupService.class), + new Module(MOD_REQUIREMENTS, "Požadavky", null) }; + public final static String PERM_APPROVE_WORKGROUP = "PERM_APPROVE_WORKGROUP"; + public final static String PERM_APPROVE_CENTRE = "PERM_APPROVE_CENTRE"; + public final static String PERM_APPROVE_LIMIT = "PERM_APPROVE_LIMIT"; + public final static String PERM_APPROVE_FINAL = "PERM_APPROVE_FINAL"; + public final static String PERM_SHOW_WORKGROUP_REQ = "PERM_SHOW_WORKGROUP_REQ"; + public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ"; + public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ"; + + public final static Permission SPECIAL_PERMISSIONS[] = { + new Permission(PERM_SHOW_WORKGROUP_REQ, "Zobrazení požadavků komise", MOD_REQUIREMENTS, PermissionType.WORKGROUP), + new Permission(PERM_SHOW_CENTRE_REQ, "Zobrazení požadavků střediska", MOD_REQUIREMENTS, PermissionType.CENTRE), + new Permission(PERM_SHOW_ALL_REQ, "Zobrazení všech požadavků", MOD_REQUIREMENTS, PermissionType.GLOBAL), + new Permission(PERM_APPROVE_WORKGROUP, "Schválení v komisi", MOD_REQUIREMENTS, PermissionType.WORKGROUP), + new Permission(PERM_APPROVE_CENTRE, "Schválení ve středisku", MOD_REQUIREMENTS, PermissionType.CENTRE), + new Permission(PERM_APPROVE_LIMIT, "Schválení nadlimitních", MOD_REQUIREMENTS, PermissionType.GLOBAL), + new Permission(PERM_APPROVE_FINAL, "Konečné schválení", MOD_REQUIREMENTS, PermissionType.CENTRE), + }; + public final static String DYNAMIC_REPORT_NAME = "Tabulková sestava"; public final static ReportMapping REPORTS[] = { new ReportMapping(MOD_ADDRESSBOOK, new Report("Adresní karty", "address")), 
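Review bot: The new `new Module(MOD_REQUIREMENTS, "Požadavky", null)` entry makes `getServiceClass()` return null for one element of `Constants.MODULES`, and this commit adds a null guard only in `IsspstPermissionEvaluator.evaluateGlobal`. Any other loop over `MODULES` that dereferences the service class will throw at runtime (none is visible in this diff, so this needs checking); a comment on the entry such as `// no backing service: permissions come from SPECIAL_PERMISSIONS` would document the contract. `SPECIAL_PERMISSIONS` is also a `public final static` array, so any caller can reassign its elements; for a table that seeds authorization data an unmodifiable list is the safer shape. Please also confirm that `PERM_APPROVE_FINAL` is meant to be `PermissionType.CENTRE` rather than `GLOBAL`.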
diff --git a/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java b/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java
index 4237338a..a0ec127f 100644
--- a/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java
+++ b/src/main/java/info/bukova/isspst/security/IsspstPermissionEvaluator.java
@@ -18,7 +18,6 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
 List perms = (List) authentication.getAuthorities();
- String moduleId = "";
 String perm = "";
 if (permission instanceof String) {
@@ -27,25 +26,7 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 if (targetDomainObject instanceof Service) {
- for (Module m : Constants.MODULES) {
- if (m.getServiceClass().isAssignableFrom(targetDomainObject.getClass())) {
- moduleId = m.getId();
- }
- }
-
- perm += "_" + moduleId;
-
- for (int i = 0; i < perms.size(); i++) {
- if (!(perms.get(i) instanceof Role)) {
- return false;
- }
- if (perms.get(i).getAuthority().equals(perm)) {
- return true;
- }
- if (perms.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
- return true;
- }
- }
+ return evaluateGlobal((Service) targetDomainObject, perm, perms);
 }
 return false;
@@ -56,5 +37,33 @@ public class IsspstPermissionEvaluator implements PermissionEvaluator {
 Serializable targetId, String targetType, Object permission) {
 return false;
 }
+
+ private boolean evaluateGlobal(Service service, String permission, List perms) {
+
+ String moduleId = "";
+ String perm = "";
+
+ for (Module m : Constants.MODULES) {
+ if (m.getServiceClass() != null && m.getServiceClass().isAssignableFrom(service.getClass())) {
+ moduleId = m.getId();
+ }
+ }
+
+ perm += "_" + moduleId;
+
+ for (int i = 0; i < perms.size(); i++) {
+ if (!(perms.get(i) instanceof Role)) {
+ return false;
+ }
+ if (perms.get(i).getAuthority().equals(perm)) {
+ return true;
+ }
+ if (perms.get(i).getAuthority().equals(Constants.ROLE_ADMIN)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
 }
diff --git a/src/main/java/info/bukova/isspst/ui/ListViewModel.java b/src/main/java/info/bukova/isspst/ui/ListViewModel.java
index ef287118..e8a8777a 100644
--- a/src/main/java/info/bukova/isspst/ui/ListViewModel.java
+++ b/src/main/java/info/bukova/isspst/ui/ListViewModel.java
@@ -206,7 +206,7 @@ public class ListViewModel {
 }
 @GlobalCommand
- @NotifyChange({ "dataList", "dataBean" })
+ @NotifyChange({ "dataList", "dataBean", "ableToDelete" })
 public void refresh() {
 if (editBean != null && !editBean.isValid()) {
 return;
diff --git a/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java b/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java
index eb8e3d19..b7e1c02e 100644
--- a/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java
+++ b/src/main/java/info/bukova/isspst/ui/dashboard/DashBoardVM.java
@@ -8,6 +8,7 @@ import java.util.Map;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
 import info.bukova.isspst.data.Workgroup;
+import info.bukova.isspst.services.users.UserService;
 import info.bukova.isspst.services.workgroups.WorkgroupService;
 import org.springframework.security.core.context.SecurityContextHolder;
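Review bot: The new `evaluateGlobal` in IsspstPermissionEvaluator.java (hunk `@@ -56,5 +37,33 @@`) never reads its `permission` parameter: it declares a fresh local `String perm = "";`, so `perm += "_" + moduleId` yields only an underscore plus the module id instead of the permission name followed by `_` and the module id, as the removed inline code in `hasPermission` built it. The `getAuthority().equals(perm)` comparison can therefore no longer match a module authority, and only the `Constants.ROLE_ADMIN` branch can grant access; every non-admin check on a `Service` is denied. Drop the local and build the name from the argument: `String perm = permission + "_" + moduleId;`. Separately, when no entry of `Constants.MODULES` matches the service, `moduleId` stays empty and the comparison runs against a name ending in a bare underscore; returning `false` right after the module loop in that case would make the deny explicit.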
@@ -18,12 +19,19 @@ public class DashBoardVM { @WireVariable private WorkgroupService workgroupService; + @WireVariable + private UserService userService; private User user; private Map> groupRoles; @Init public void init() { user = User.class.cast(SecurityContextHolder.getContext().getAuthentication().getPrincipal()); + + if (user.getParents() == null) { // try reload from DB + user = userService.getCurrent(); + } + groupRoles = new HashMap>(); List wg = new ArrayList(); diff --git a/src/main/java/info/bukova/isspst/ui/users/UsersList.java b/src/main/java/info/bukova/isspst/ui/users/UsersList.java index 62f7307d..4b13cf27 100644 --- a/src/main/java/info/bukova/isspst/ui/users/UsersList.java +++ b/src/main/java/info/bukova/isspst/ui/users/UsersList.java @@ -36,14 +36,14 @@ public class UsersList extends ListViewModel { } @Override - @NotifyChange({"permissions", "dataBean"}) + @NotifyChange({"permissions", "dataBean", "ableToDelete"}) public void setDataBean(User user) { super.setDataBean(user); } @Override @GlobalCommand - @NotifyChange({"dataList", "dataBean", "permissions"}) + @NotifyChange({"dataList", "dataBean", "permissions", "ableToDelete"}) public void refresh() { super.refresh(); } @@ -80,7 +80,7 @@ public class UsersList extends ListViewModel { return false; } - if (getDataBean().getUsername() == "admin") + if (getDataBean().getUsername().equals(Constants.DEF_ADMIN)) { return false; } diff --git a/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java b/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java index 5b4155d8..69e34748 100644 --- a/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java +++ b/src/main/java/info/bukova/isspst/ui/workgroups/WorkgroupList.java 
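Review bot: In `DashBoardVM.init()` (hunk `@@ -18,12 +19,19 @@`) the result of `userService.getCurrent()` replaces `user` without a null check, so if the reload returns nothing the code that follows will fail on `user`. The `getParents() == null` test appears to stand for "the session principal was restored without its associations"; if that is the intent, a comment such as `// session principal may lack its loaded parents; reload the entity` in place of `// try reload from DB` would state it. `init()` continues past the end of the hunk.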
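Review bot: The corrected guard in UsersList.java (hunk `@@ -80,7 +80,7 @@`) still dereferences `getUsername()`, so a bean with a null username throws instead of being evaluated; `if (Constants.DEF_ADMIN.equals(getDataBean().getUsername()))` is null-safe. The old `==` was a reference comparison, so this protection of the default admin account has probably not been effective until now, and it remains a view-model check only. If the delete path in the service layer does not enforce the same rule (not visible in this diff), it should, since a UI flag alone does not stop a direct request. The enclosing method starts and ends outside the hunk.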
@@ -40,14 +40,14 @@ public class WorkgroupList extends ListViewModel {
 return null;
 }
- @NotifyChange({"dataBean", "workgroupTreeModel"})
+ @NotifyChange({"dataBean", "workgroupTreeModel", "ableToDelete"})
 public void setDataBean(Workgroup data) {
 super.setDataBean(data);
 }
 @Override
 @GlobalCommand
- @NotifyChange({ "dataList", "dataBean", "workgroupTreeModel" })
+ @NotifyChange({ "dataList", "dataBean", "workgroupTreeModel", "ableToDelete" })
 public void refresh() {
 super.refresh();
 }
diff --git a/src/main/webapp/admin/permissions/permForm.zul b/src/main/webapp/admin/permissions/permForm.zul
index 4eb3ff55..6e340195 100644
--- a/src/main/webapp/admin/permissions/permForm.zul
+++ b/src/main/webapp/admin/permissions/permForm.zul
@@ -1,6 +1,6 @@ -